I often read articles about Cyber Security and find they get so deep so fast it can feel overwhelming. Know the feeling? I thought so. Anyone that knows me has probably heard me say, “doing something, anything, to improve your security position is a good thing – no matter how big or how small – because it will make you better today than you were yesterday.” I stand by that.

But the question often becomes – okay, what is that something?

In various presentations and seminars I have given, we have provided some ideas, but I recently stumbled upon an article called “Securing the Connected Enterprise” from Electroindustry, the NAED journal, that I thought did a really nice job identifying nine key areas to look at, at least three of which I’d really encourage you to go act on now:

Architect for Security

Segment Networks

Understand Data Types and Flows

Monitor Devices and Systems

Change Default Passwords

Harden Devices

Update Devices

“Know the Enemy and Know Yourself”

Plan to Test, Test the Plan

At the bottom, there is a link to the full article, but let’s look at a few of these:

Segment Networks

As the article calls out, creating smaller network segments within your overall plant network provides “…better security, easier maintenance, and more robust networks.” There is no doubt this is true, but segmenting also creates more work. So why should you start segmenting? A few reasons cited include:

Reduces Network Load – the more segmentation that exists, the less traffic travels to each area, the less an ICS device or PLC sees, and the less it needs to process.

Reduces Incident Impact – segmentation naturally provides some level of isolation for various parts of the network. So, if there is an incident, the spread of the situation is typically contained and the other “segments” of your network (a.k.a. other areas of your plant) can continue while the incident is investigated and resolved.

Provides Monitoring Points – segmenting provides natural places for traffic to be consolidated while it is routed to other portions of the network; these well-defined locations then provide key places to monitor.
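To make the monitoring-point idea concrete, here is an added example (not from the original article or from Rumsey) that reviews flow records collected at a segment boundary and flags cross-segment conversations that are not on an expected list. The segment names, subnets, allowed-flow list and flow records are all constructed for illustration.

```python
import ipaddress

# Constructed plant segments (assumed addressing, not from the article).
SEGMENTS = {
    "office": ipaddress.ip_network("10.10.0.0/16"),
    "line1": ipaddress.ip_network("10.20.1.0/24"),
    "line2": ipaddress.ip_network("10.20.2.0/24"),
    "historian": ipaddress.ip_network("10.30.0.0/24"),
}

# Expected cross-segment conversations: (src segment, dst segment, dst port).
ALLOWED = {
    ("line1", "historian", 443),
    ("line2", "historian", 443),
}

def segment_of(ip):
    """Return the segment name containing ip, or 'unknown' if none matches."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"

def review_flows(flows):
    """Return (unexpected cross-segment flows, count of flows kept inside each segment)."""
    violations, local = [], {}
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if s == d and s != "unknown":
            local[s] = local.get(s, 0) + 1      # traffic that stays in its segment
        elif (s, d, port) not in ALLOWED:
            violations.append((src, dst, port, f"{s}->{d}"))
    return violations, local

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.1.15", "10.20.1.20", 44818),  # PLC to HMI inside line1
    ("10.20.1.15", "10.30.0.5", 443),     # line1 to historian, expected
    ("10.10.4.77", "10.20.2.10", 502),    # office PC to a line2 controller
    ("10.20.1.15", "10.20.2.10", 44818),  # line1 to line2, not expected
    ("192.0.2.9", "10.20.1.20", 23),      # source outside every known segment
]

if __name__ == "__main__":
    bad, local = review_flows(SAMPLE_FLOWS)
    for src, dst, port, path in bad:
        print(f"REVIEW {path}: {src} -> {dst} port {port}")
    print("kept local:", local)
```

Without segments there is no boundary at which these conversations can be told apart, which is why each segment edge doubles as a monitoring point.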

Change Default Passwords

Default passwords serve a purpose; there is no doubt about that. They are extremely useful to users and vendors for quickly configuring a device out of the box. BUT, they create an extreme vulnerability. I think we all know that, so why do we keep using them?

The recent Mirai botnet attack shows us an example of why we must stop – more than 300,000 IoT devices that were using default or weak passwords were used to create a traffic storm. These devices created nearly 600 Mbps of traffic after someone figured out how to get all the devices, which were using poor passwords, to launch an attack simultaneously.

If a traffic storm like that ever happened on a plant network, it would crumble almost instantaneously.

In addition, if that example doesn’t convince you, earlier this month a group called SCADA StrangeLove published a list of default passwords for over 100 Industrial Control System products. Not that they weren’t easy to get a hold of before, but at least it took a little research, maybe a keystroke or two. Not anymore! See “Researchers Disclose Default Credentials for Over 100 ICS/SCADA Products.”

Know the Enemy and Know Yourself

Lastly, it is important to try to stay as informed as possible. With the critical role networks are taking in our plants, keeping up on news regarding security is just as important as fine-tuning your PLC skills. Keep track of security events and vulnerabilities by developing a list of a few different trusted sources that can be scanned each day for issues that affect you.

In summary, these are just some things to consider. In a prior role, I often said “The Time to Act is Now,” and I wholeheartedly believe that. No matter how big or how small, I challenge you to do something today to improve your plant’s security position.

PS – if you are interested in reading the full article, it can be found on page 11 of the January 2017 Electroindustry publication.

PPS – Have questions or need some help thinking through your starting point? The newly formed Networking Group at Rumsey can help. Just send us a note with your thoughts and what areas you might need help with.

Julia Santogatta is the Director of Networking, Automation, & Information Solutions at Rumsey. She has spent 15+ years working with customers in industrial manufacturing, system integration and machine building. Prior to joining Rumsey she spent 10 years with Rockwell Automation and five years with the Belden cable and networking brands – Belden, Hirschmann, Tofino and GarrettCom.